Lucene search
K

277 matches found

NVD
NVD
added 4 days ago9 views

CVE-2026-61455

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS0.00249EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-58661

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42893

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS6.1AI score0.00235EPSS
Exploits0References2
CVE
CVE
added 4 days ago5 views

CVE-2026-58661

n8n is affected: older releases (before 2.28.0 and, on the 1.x branch, before 1.123.58) contain a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota does not account for files already written to the shared temporary directory, allowing an authenticat...

5.3CVSS6.1AI score0.00235EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Langflow < 1.9.1 Multiple Vulnerabilities

The version of Langflow installed on the remote host is prior to 1.9.1. It is, therefore, affected by multiple vulnerabilities: - An Insecure Direct Object Reference IDOR vulnerability in the /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user...

9.3CVSS6.3AI score0.0056EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-59873

A flaw was found in node-tar, a tar archive manipulation library for Node.js. This vulnerability allows a remote attacker to craft a small gzip bomb, which, when processed, can lead to the exhaustion of disk space and CPU resources. This occurs because node-tar does not enforce strict limits on t...

9.2CVSS5.8AI score0.00358EPSS
Exploits1References6
NVD
NVD
added 5 days ago7 views

CVE-2026-31984

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS0.00274EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42534

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS6AI score0.00274EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-31984

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS6AI score0.00274EPSS
Exploits0References2
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.4 views

DoS through oversized audit log entries in Guardian/CMC before 26.2.0

Summary A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. Impact An unauthenticated attacker can submit requests containing excessively large input that is...

8.7CVSS6AI score0.00274EPSS
Exploits0Affected Software2
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage

An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing...

7.5CVSS5.9AI score0.00683EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 5:17 p.m.12 views

CVE-2026-55450

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...

9.3CVSS0.00332EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 4:17 p.m.42 views

CVE-2026-55450

Langflow prior to 1.9.1 allows unauthenticated uploads via the /upload/{flow_id} endpoint, enabling unlimited data transfer, which can cause server disk-space exhaustion (DoS). The response also leaks the absolute path of the uploaded file, an information leak that could aid further attacks. The ...

9.3CVSS5.9AI score0.00332EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:17 p.m.4 views

CVE-2026-55450

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...

9.3CVSS5.9AI score0.00332EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/23 4:17 p.m.42 views

CVE-2026-55450 Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...

9.3CVSS0.00332EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/18 6:21 p.m.9 views

CVE-2026-44942

A flaw was found in libzypp. This path traversal vulnerability, present in the handling of the "path" component within .repo files, could allow attackers to write content to directories outside of the intended zypp cache. This unauthorized writing of data can lead to a Denial of Service DoS by...

6.5CVSS5AI score0.00329EPSS
Exploits0References5
NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2025-32437

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, MediaDurationBlock will download and store the video in a temporary directory without deleting before all noded are done. StepThroughItemsBlock can be used t...

8.7CVSS0.00276EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 5:16 p.m.16 views

CVE-2025-32424

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. StepThroughItemsBlock can be used to iterate ScreenshotWebPageBlock...

8.7CVSS0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 4:18 p.m.21 views

CVE-2025-32436 AutoGPT has a DoS vulnerability in AddAudioToVideoBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AddAudioToVideoBlock will download and store the video and audio in a temporary directory without deleting before all noded are done. StepThroughItemsBlock c...

7.1CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 4:14 p.m.23 views

CVE-2025-32424

AutoGPT contains a DoS vulnerability in ScreenshotWebPageBlock prior to version 0.6.63. When a user repeatedly screenshots many pages via StepThroughItemsBlock, there is no limit on loops or on disk space usage in the current working directory, allowing disk exhaustion. Version 0.6.63 patches thi...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Rows per page
Query Builder